MidnightBSD

Advisories for json-smart_project

CVE-2021-27568 MEDIUM

An issue was discovered in netplex json-smart-v1 through 2015-10-23 and json-smart-v2 through 2.4. An exception is thrown from a function, but it is not caught, as demonstrated by NumberFormatException. When it is not caught, it may cause programs using the library to crash or expose sensitive information.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.9 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | 2.2 | 3.6 |

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-754

Products Affected

| Vendor | Product | Version |
|---|---|---|
| oracle | weblogic_server | 14.1.1.0.0 |
| oracle | weblogic_server | 12.2.1.4.0 |
| oracle | weblogic_server | 12.2.1.3.0 |
| oracle | utilities_framework | 4.4.0.2.0 |
| json-smart_project | json-smart-v2 | * |
| oracle | peoplesoft_enterprise_peopletools | 8.59 |
| oracle | utilities_framework | 4.4.0.3.0 |
| oracle | peoplesoft_enterprise_peopletools | 8.58 |
| oracle | communications_cloud_native_core_policy | 1.14.0 |
| json-smart_project | json-smart-v1 | * |
| oracle | utilities_framework | 4.4.0.0.0 |
| oracle | oss_support_tools | * |

CVE-2021-31684 MEDIUM

A vulnerability was discovered in the indexOf function of JSONParserByteArray in JSON Smart versions 1.3 and 2.4 which causes a denial of service (DOS) via a crafted web request.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-787

Products Affected

| Vendor | Product | Version |
|---|---|---|
| oracle | utilities_framework | 4.4.0.3.0 |
| json-smart_project | json-smart-v1 | * |
| oracle | utilities_framework | 4.4.0.0.0 |
| oracle | utilities_framework | 4.4.0.2.0 |
| json-smart_project | json-smart-v2 | * |

CVE-2023-1370

[Json-smart](https://netplex.github.io/json-smart/) is a performance-focused JSON processor lib. When reaching a '[' or '{' character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software.

CVSS 3.x

| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| reefs@jfrog.com | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |
| nvd@nist.gov | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 |

Products Affected

| Vendor | Product | Version |
|---|---|---|
| json-smart_project | json-smart | 2.4.9 |
| json-smart_project | json-smart | * |
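The failure mode described for CVE-2023-1370 is a recursive parser with no bound on array/object nesting. Applications that must keep consuming untrusted JSON while a fixed release is rolled out can bound the nesting themselves before the text reaches the parser. The following is an added example written for this page; it is not json-smart code and is not the project's fix. It assumes Java 11 or later (for `String.repeat`); the class and method names are illustrative. The scan skips bracket characters inside string literals (including escaped quotes) so that `"[[["` in a value does not count as nesting, and it returns as soon as the limit is exceeded rather than reading the whole input.

```java
import java.util.Objects;

/**
 * Pre-parse guard that rejects JSON text whose '['/'{' nesting exceeds a
 * caller-chosen limit. Added example for this advisory page; hypothetical
 * class name, not part of the json-smart library.
 */
public final class JsonDepthGuard {
    private JsonDepthGuard() {}

    /**
     * Returns true if the bracket nesting of {@code json} never exceeds
     * {@code maxDepth}. Brackets inside string literals are ignored.
     * This is a depth check only; it does not validate the JSON grammar.
     */
    public static boolean withinDepth(String json, int maxDepth) {
        Objects.requireNonNull(json, "json");
        int depth = 0;
        boolean inString = false;
        boolean escaped = false;
        for (int i = 0; i < json.length(); i++) {
            char c = json.charAt(i);
            if (inString) {
                // Track escapes so an escaped quote does not end the string.
                if (escaped) {
                    escaped = false;
                } else if (c == '\\') {
                    escaped = true;
                } else if (c == '"') {
                    inString = false;
                }
                continue;
            }
            switch (c) {
                case '"':
                    inString = true;
                    break;
                case '[':
                case '{':
                    // Fail fast: no need to read the rest of an oversized document.
                    if (++depth > maxDepth) {
                        return false;
                    }
                    break;
                case ']':
                case '}':
                    depth--;
                    break;
                default:
                    break;
            }
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample inputs for this example.
        String benign = "{\"a\":[1,2,{\"b\":\"[[[brackets in a string]]]\"}]}";
        String deeplyNested = "[".repeat(100_000) + "]".repeat(100_000);

        System.out.println("benign within 32 levels: " + withinDepth(benign, 32));
        System.out.println("100k levels within 1000: " + withinDepth(deeplyNested, 1000));
    }
}
```

The benign document nests three levels and passes a limit of 32; the constructed 100,000-level document is rejected at a limit of 1,000 after reading only the first 1,001 characters. A limit in the low hundreds is generous for almost any real payload while staying far below the recursion depth that exhausts a default JVM thread stack. The guard is a defence-in-depth measure for the consuming application; it does not replace upgrading json-smart to a release that enforces a nesting limit itself.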